Re: AUDIT question

  • From: Bill Zakrzewski <bill@xxxxxxxxxxxx>
  • To: mark.powell2@xxxxxx
  • Date: Thu, 10 Nov 2011 14:38:41 -0500

Thanks for all your responses.  It is a requirement placed upon us by the 
security organization to audit all activities of users having the DBA role.  I 
know this will cause additional overhead, but it is limited to a handful of 
users.  I have been reading several documents and think I found the proper way 
to configure auditing for this scenario.

AUDIT ALL BY <dbauser1, dbauser2, etc> BY ACCESS;

Then I have to add....

AUDIT INSERT, UPDATE, DELETE, ALTER TABLE, EXECUTE PROCEDURE, etc. BY 
<dbauser1, dbauser2, etc> BY ACCESS;

Then when anyone grants DBA to a new user they will need to set up auditing for 
that particular user, just another step when creating privileged users.

The Oracle documents I was reading did not do a great job of illustrating how 
to audit actions of a single user, but some other websites supplied the 
necessary information.  I also found out AUDIT ALL does not audit "all" :-)

Thanks again,
Bill

On Nov 10, 2011, at 1:57 PM, Powell, Mark wrote:

> Do you really need to audit DBA users?  What about auditing actions such as 
> audit table, audit view, audit procedure, etc ... so all create table, alter 
> table, and drop table etc... have an audit record created for the action.
> 
> You can also turn auditing on for user SYS activities.
> 
> Between the two features above you get a manageable but pretty decent record 
> of DDL actions.
> 
> 
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
> Behalf Of Bill Zakrzewski
> Sent: Thursday, November 10, 2011 10:17 AM
> To: oracle-l@xxxxxxxxxxxxx L
> Subject: AUDIT question
> 
> Environment:
> 
> Oracle 9.2.0.8.0
> HP-UX 11.11
> 
> 
> We would like to audit all activities of the oracle users that have the DBA 
> role granted.  My initial thought was to create a logon trigger to check for 
> the DBA role and turn auditing on for that particular session, but I do not 
> believe that is an option.  Any ideas?
> 
> Thanks,
> Bill
> --
> //www.freelists.org/webpage/oracle-l
> 
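
Added example, not part of the original post and not Oracle's own code: a SQL*Plus script for the follow-up step described above (setting up auditing whenever DBA is granted to a new user). It finds every user holding DBA, directly or through another role, whose BY ACCESS statement auditing is incomplete and prints the AUDIT statements still needed. Assumptions: the option list is a sample to extend, the TABLE option is used as a marker that AUDIT ALL was applied, and SYS is skipped because it is audited through AUDIT_SYS_OPERATIONS.

```sql
-- Added example. Run in SQL*Plus as a user who can read the DBA_* views.
-- The output is a list of AUDIT statements to review, then execute.
SET PAGESIZE 0 LINESIZE 200 FEEDBACK OFF

-- Nothing is recorded unless AUDIT_TRAIL is DB (TRUE) or OS; NONE/FALSE means
-- the AUDIT settings below exist but produce no audit records.
SELECT '-- audit_trail = ' || value FROM v$parameter WHERE name = 'audit_trail';

SELECT 'AUDIT ' || o.emit || ' BY "' || d.username || '" BY ACCESS;'
  FROM (-- Users that reach DBA directly or through a chain of granted roles.
        SELECT u.username
          FROM dba_users u
         WHERE u.username <> 'SYS'  -- assumption: SYS handled by AUDIT_SYS_OPERATIONS
           AND u.username IN (SELECT grantee
                                FROM dba_role_privs
                               START WITH granted_role = 'DBA'
                             CONNECT BY PRIOR grantee = granted_role)) d,
       (-- chk  = option name looked up in DBA_STMT_AUDIT_OPTS
        -- emit = option name written into the generated statement
        -- TABLE belongs to the ALL shortcut, so a missing TABLE row is taken
        -- to mean AUDIT ALL was never run for that user (assumption).
        SELECT 'TABLE' chk, 'ALL' emit               FROM dual UNION ALL
        -- Statement options that AUDIT ALL does not include (sample list):
        SELECT 'ALTER TABLE',       'ALTER TABLE'       FROM dual UNION ALL
        SELECT 'INSERT TABLE',      'INSERT TABLE'      FROM dual UNION ALL
        SELECT 'UPDATE TABLE',      'UPDATE TABLE'      FROM dual UNION ALL
        SELECT 'DELETE TABLE',      'DELETE TABLE'      FROM dual UNION ALL
        SELECT 'EXECUTE PROCEDURE', 'EXECUTE PROCEDURE' FROM dual) o
 WHERE NOT EXISTS (SELECT 1
                     FROM dba_stmt_audit_opts s
                    WHERE s.user_name    = d.username
                      AND s.audit_option = o.chk
                      AND s.success      = 'BY ACCESS'  -- BY SESSION or NOT SET
                      AND s.failure      = 'BY ACCESS') -- counts as a gap
 ORDER BY d.username, o.emit;
```

An empty result from the second query means every DBA holder already has the listed options audited BY ACCESS; scheduling the script gives a recurring check for newly granted DBA users that were missed.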
